[June-2021]Full Version AZ-500 Exam Dumps PDF AZ-500 278Q for Free Download[Q269-Q278]
June/2021 Latest Braindump2go AZ-500 Exam Dumps with PDF and VCE Free Updated Today! Following are some new AZ-500 Real Exam Questions! QUESTION 269 You are troubleshooting a security issue for an Azure Storage account. You enable the diagnostic logs for the storage account. What should you use to retrieve the diagnostics logs? A. Azure Security Center B. Azure Monitor C. the Security admin center D. Azure Storage Explorer Answer: B Explanation: https://docs.microsoft.com/en-us/azure/storage/blobs/monitor-blob-storage?tabs=azure-portal 1 QUESTION 270 You have an Azure subscription that contains the resources shown in the following table. You plan to enable Azure Defender for the subscription. Which resources can be protected by using Azure Defender? A. VM1, VNET1, storage1, and Vault1 B. VM1, VNET1, and storage1 only C. VM1, storage1, and Vault1 only D. VM1 and VNET1 only E. VM1 and storage1 only Answer: A Explanation: https://docs.microsoft.com/en-us/azure/security-center/azure-defender 2 QUESTION 271 You have an Azure subscription that contains a resource group named RG1 and a security group named ServerAdmins. RG1 contains 10 virtual machines, a virtual network named VNET1, and a network security group (NSG) named NSG1. ServerAdmins can access the virtual machines by using RDP. You need to ensure that NSG1 only allows RDP connections to the virtual machines for a maximum of 60 minutes when a member of ServerAdmins requests access. What should you configure? A. an Azure policy assigned to RG1 B. a just in time (JIT) VM access policy in Azure Security Center C. an Azure Active Directory (Azure AD) Privileged Identity Management (PIM) role assignment D. an Azure Bastion host on VNET1 Answer: B Explanation: https://docs.microsoft.com/en-us/azure/security-center/just-in-time-explained 3 QUESTION 272 You have a web app named WebApp1. You create a web application firewall (WAF) policy named WAF1. You need to protect WebApp1 by using WAF1. What should you do first? A. Deploy an Azure Front Door. B. Add an extension to WebApp1. C. Deploy Azure Firewall. Answer: A Explanation: https://docs.microsoft.com/en-us/azure/frontdoor/quickstart-create-front-door 4 QUESTION 273 You have an Azure subscription that contains an Azure SQL database named sql1. You plan to audit sql1. You need to configure the audit log destination. The solution must meet the following requirements: - Support querying events by using the Kusto query language. - Minimize administrative effort. What should you configure? A. an event hub B. a storage account C. a Log Analytics workspace Answer: C Explanation: https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/tutorial-log-analytics-wizard 5 QUESTION 274 Hotspot Question You have a management group named Group1 that contains an Azure subscription named sub1. Sub1 has a subscription ID of 11111111-1234-1234-1234-1111111111. You need to create a custom Azure role-based access control (RBAC) role that will delegate permissions to manage the tags on all the objects in Group1. What should you include in the role definition of Role1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Answer: Explanation: Note: Assigning a custom RBAC role as the Management Group level is currently in preview only. So, for now the answer to the assignable scope is the subscription level. Reference: https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations 6 https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles 7 https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles-portal#step-5-assignable-scopes 8 QUESTION 275 Hotspot Question You have an Azure subscription that contains the custom roles shown in the following table. In the Azure portal, you plan to create new custom roles by cloning existing roles. The new roles will be configured as shown in the following table. Which roles can you clone to create each new role? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Answer: Explanation: https://docs.microsoft.com/en-us/azure/active-directory/roles/custom-create 9 https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles-portal 10 QUESTION 276 Drag and Drop Question You have an Azure subscription that contains the following resources: - A network virtual appliance (NVA) that runs non-Microsoft firewall software and routes all outbound traffic from the virtual machines to the internet - An Azure function that contains a script to manage the firewall rules of the NVA - Azure Security Center standard tier enabled for all virtual machines - An Azure Sentinel workspace - 30 virtual machines You need to ensure that when a high-priority alert is generated in Security Center for a virtual machine, an incident is created in Azure Sentinel and then a script is initiated to configure a firewall rule for the NVA. How should you configure Azure Sentinel to meet the requirements? To answer, drag the appropriate components to the correct requirements. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Answer: Explanation: https://docs.microsoft.com/en-us/azure/sentinel/create-incidents-from-alerts 11 https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-security-center 12 QUESTION 277 Hotspot Question You have an Azure subscription named Subscription1 that contains the resources shown in the following table. You have an Azure subscription named Subscription2 that contains the following resources: - An Azure Sentinel workspace - An Azure Event Grid instance You need to ingest the CEF messages from the NVAs to Azure Sentinel. What should you configure for each subscription? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Answer: QUESTION 278 SIMULATION You need to ensure that the rg1lod10598168n1 Azure Storage account is encrypted by using a key stored in the KeyVault10598168 Azure key vault. To complete this task, sign in to the Azure portal. Answer: See the explanation below. Explanation:: Step 1: To enable customer-managed keys in the Azure portal, follow these steps: 1. Navigate to your storage account rg1lod10598168n1 2. On the Settings blade for the storage account, click Encryption. Select the Use your own key option, as shown in the following figure. Step 2: Specify a key from a key vault To specify a key from a key vault, first make sure that you have a key vault that contains a key. To specify a key from a key vault, follow these steps: 4. Choose the Select from Key Vault option. 5. Choose the key vault KeyVault10598168 containing the key you want to use. 6. Choose the key from the key vault. Reference: https://docs.microsoft.com/en-us/azure/storage/common/storage-encryption-keys-portal 13 Resources From:1.2021 Latest Braindump2go AZ-500 Exam Dumps (PDF & VCE) Free Share: https://www.braindump2go.com/az-500.html 2.2021 Latest Braindump2go AZ-500 PDF and AZ-500 VCE Dumps Free Share: https://drive.google.com/drive/folders/1sQAsVdJ79oBKFiswxjUzGT6Gt6a6PYWl?usp=sharing 3.2021 Free Braindump2go AZ-500 Exam Questions Download: https://www.braindump2go.com/free-online-pdf/AZ-500-PDF-Dumps(269-278).pdf Free Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams!
|